Vulnerability tests and penetration tests are mostly designed to assess the security of your technology-based security controls. An effective social engineering test does include some technology assessment, but mostly addresses your human controls – policy, procedures, training, and awareness. Since most studies agree that over 95% of all cyberattacks include some facet of social engineering, this is definitely an underappreciated focus.
Social engineering seeks to take advantage of people who have access within your environment, trying to trick them into taking an action that benefits the attacker. This includes actions such as opening a hostile email, installing a Trojan-horse or other malware, or even providing sensitive information over the telephone. Human controls, should, however, also be supported by technical controls – like filtering email, or blocking hostile attachments and links.
Our social engineering assessments help provide full-coverage security for clients. Offered by themselves, or in concert with complimentary services, it helps you understand how well you are doing at enabling your employees to support the most secure operations they are able. Not only does a social engineering assessment includes an engagement-specific report, but our security professionals also update the Darwin Attack® portal with key findings. This means you don’t need to wait for the report to start remediation. You can start fixes immediately, making the best use of the information in our collaboration portal.